Network Working Group S. Leontiev, Ed.
Request for Comments: 4490 G. Chudov, Ed.
Category: Standards Track CRYPTO-PRO
May 2006
Network Working Group S. Leontiev, Ed.
Request for Comments: 4490 G. Chudov, Ed.
Category: Standards Track CRYPTO-PRO
May 2006
Using the GOST 28147-89, GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS)
使用GOST 28147-89、GOST R 34.11-94、GOST R 34.10-94和GOST R 34.10-2001算法和加密消息语法(CMS)
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
This document describes the conventions for using the cryptographic algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 with the Cryptographic Message Syntax (CMS). The CMS is used for digital signature, digest, authentication, and encryption of arbitrary message contents.
本文件描述了将加密算法GOST 28147-89、GOST R 34.10-94、GOST R 34.10-2001和GOST R 34.11-94与加密消息语法(CMS)一起使用的约定。CMS用于对任意消息内容进行数字签名、摘要、身份验证和加密。
Table of Contents
目录
1. Introduction ....................................................3
1.1. Terminology ................................................3
2. Message Digest Algorithms .......................................3
2.1. Message Digest Algorithm GOST R 34.11-94 ...................3
3. Signature Algorithms ............................................4
3.1. Signature Algorithm GOST R 34.10-94 ........................4
3.2. Signature Algorithm GOST R 34.10-2001 ......................5
4. Key Management Algorithms .......................................5
4.1. Key Agreement Algorithms ...................................6
4.1.1. Key Agreement Algorithms Based on GOST R
34.10-94/2001 Public ................................6
4.2. Key Transport Algorithms ...................................8
4.2.1. Key Transport Algorithm Based on GOST R
34.10-94/2001 Public ................................8
5. Content Encryption Algorithms ...................................9
5.1. Content Encryption Algorithm GOST 28147-89 ................10
6. MAC Algorithms .................................................10
6.1. HMAC with GOST R 34.11-94 .................................10
7. Use with S/MIME ................................................11
7.1. Parameter micalg ..........................................11
7.2. Attribute SMIMECapabilities ...............................11
8. Security Considerations ........................................12
9. Examples .......................................................12
9.1. Signed Message ............................................12
9.2. Enveloped Message Using Key Agreement .....................14
9.3. Enveloped Message Using Key Transport .....................17
10. ASN.1 Modules .................................................19
10.1. GostR3410-EncryptionSyntax ...............................19
10.2. GostR3410-94-SignatureSyntax .............................21
10.3. GostR3410-2001-SignatureSyntax ...........................22
11. Acknowledgements ..............................................23
12. References ....................................................24
12.1. Normative References .....................................24
12.2. Informative References ...................................25
1. Introduction ....................................................3
1.1. Terminology ................................................3
2. Message Digest Algorithms .......................................3
2.1. Message Digest Algorithm GOST R 34.11-94 ...................3
3. Signature Algorithms ............................................4
3.1. Signature Algorithm GOST R 34.10-94 ........................4
3.2. Signature Algorithm GOST R 34.10-2001 ......................5
4. Key Management Algorithms .......................................5
4.1. Key Agreement Algorithms ...................................6
4.1.1. Key Agreement Algorithms Based on GOST R
34.10-94/2001 Public ................................6
4.2. Key Transport Algorithms ...................................8
4.2.1. Key Transport Algorithm Based on GOST R
34.10-94/2001 Public ................................8
5. Content Encryption Algorithms ...................................9
5.1. Content Encryption Algorithm GOST 28147-89 ................10
6. MAC Algorithms .................................................10
6.1. HMAC with GOST R 34.11-94 .................................10
7. Use with S/MIME ................................................11
7.1. Parameter micalg ..........................................11
7.2. Attribute SMIMECapabilities ...............................11
8. Security Considerations ........................................12
9. Examples .......................................................12
9.1. Signed Message ............................................12
9.2. Enveloped Message Using Key Agreement .....................14
9.3. Enveloped Message Using Key Transport .....................17
10. ASN.1 Modules .................................................19
10.1. GostR3410-EncryptionSyntax ...............................19
10.2. GostR3410-94-SignatureSyntax .............................21
10.3. GostR3410-2001-SignatureSyntax ...........................22
11. Acknowledgements ..............................................23
12. References ....................................................24
12.1. Normative References .....................................24
12.2. Informative References ...................................25
The Cryptographic Message Syntax [CMS] is used for digital signature, digest, authentication, and encryption of arbitrary message contents. This companion specification describes the use of cryptographic algorithms GOST 28147-89 [GOST28147], GOST R 34.10-94 [GOST3431095, GOSTR341094], GOST R 34.10-2001 [GOST3431004, GOSTR341001], and GOST R 34.11-94 [GOST3431195, GOSTR341194] in CMS, as proposed by the CRYPTO-PRO Company for the "Russian Cryptographic Software Compatibility Agreement" community. This document does not describe these cryptographic algorithms; they are defined in corresponding national standards.
加密消息语法[CMS]用于对任意消息内容进行数字签名、摘要、身份验证和加密。本配套规范描述了加密算法GOST 28147-89[GOST28147]、GOST R 34.10-94[GOST34301095、GOSTR341094]、GOST R 34.10-2001[GOST3431004、GOSTR341001]和GOST R 34.11-94[GOST3431195、GOSTR341194]在CMS中的使用,如CRYPTO-PRO公司为“俄罗斯加密软件兼容性协议”提出的建议社区本文件不描述这些加密算法;它们在相应的国家标准中有定义。
The CMS values are generated using ASN.1 [X.208-88], using BER encoding [X.209-88]. This document specifies the algorithm identifiers for each algorithm, including ASN.1 for object identifiers and any associated parameters.
CMS值是使用ASN.1[X.208-88]和BER编码[X.209-88]生成的。本文档指定了每个算法的算法标识符,包括对象标识符的ASN.1和任何相关参数。
The fields in the CMS employed by each algorithm are identified.
识别每个算法使用的CMS中的字段。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
This section specifies the conventions for using the digest algorithm GOST R 34.11-94 employed by CMS.
本节规定了CMS采用的摘要算法GOST R 34.11-94的使用惯例。
Digest values are located in the DigestedData digest field and the Message Digest authenticated attribute. In addition, digest values are input to signature algorithms.
摘要值位于DigestedData摘要字段和Message Digest authenticated属性中。此外,摘要值被输入到签名算法中。
The hash function GOST R 34.11-94 has been developed by "GUBS of Federal Agency Government Communication and Information" and "All-Russian Scientific and Research Institute of Standardization". The algorithm GOST R 34.11-94 produces a 256-bit hash value of the arbitrary finite bit-length input. This document does not contain the full GOST R 34.11-94 specification, which can be found in [GOSTR341194] in Russian. [Schneier95], ch. 18.11, p. 454, contains a brief technical description in English.
哈希函数GOST R 34.11-94由“联邦政府通信和信息机构GUBS”和“全俄罗斯标准化科学研究院”开发。GOST R 34.11-94算法生成任意有限位长度输入的256位哈希值。本文件不包含完整的GOST R 34.11-94规范,该规范可在俄文[GOSTR341194]中找到。[Schneier95],第18.11章,p。454,包含英文的简要技术说明。
The hash algorithm GOST R 34.11-94 has the following identifier:
哈希算法GOST R 34.11-94具有以下标识符:
id-GostR3411-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostr3411(9) }
id-GostR3411-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostr3411(9) }
The AlgorithmIdentifier parameters field MUST be present, and the parameters field MUST contain NULL. Implementations MAY accept the GOST R 34.11-94 AlgorithmIdentifiers with absent parameters as well as NULL parameters.
AlgorithmIdentifier parameters字段必须存在,并且parameters字段必须包含NULL。实现可能会接受GOST R 34.11-94算法标识符,该标识符既有空参数也有空参数。
This function is always used with default parameters id-GostR3411- 94-CryptoProParamSet (see Section 8.2 of [CPALGS]).
此函数始终与默认参数id-GostR3411-94 CryptoProParamSet一起使用(请参见[CPALGS]第8.2节)。
When the Message Digest authenticated attribute is present, the DigestedData digest contains a 32-byte digest in little-endian representation:
当消息摘要已验证属性存在时,DigestedData摘要包含一个32字节的小尾端表示摘要:
GostR3411-94-Digest ::= OCTET STRING (SIZE (32))
GostR3411-94-Digest ::= OCTET STRING (SIZE (32))
This section specifies the CMS procedures for the GOST R 34.10-94 and GOST R 34.10-2001 signature algorithms.
本节规定了GOST R 34.10-94和GOST R 34.10-2001签名算法的CMS程序。
Signature algorithm identifiers are located in the SignerInfo signatureAlgorithm field of SignedData. Also, signature algorithm identifiers are located in the SignerInfo signatureAlgorithm field of countersignature attributes.
签名算法标识符位于SignedData的SignerInfo signatureAlgorithm字段中。此外,签名算法标识符位于会签属性的SignerInfo signatureAlgorithm字段中。
Signature values are located in the SignerInfo signature field of SignedData. Also, signature values are located in the SignerInfo signature field of countersignature attributes.
签名值位于SignedData的SignerInfo签名字段中。此外,签名值位于会签属性的SignerInfo签名字段中。
GOST R 34.10-94 has been developed by "GUBS of Federal Agency Government Communication and Information" and "All-Russian Scientific and Research Institute of Standardization". This signature algorithm MUST be used conjointly with the GOST R 34.11-94 message digest algorithm. This document does not contain the full GOST R 34.10-94 specification, which is fully described in [GOSTR341094] in Russian; and a brief description in English can be found in [Schneier95], ch. 20.3, p. 495.
GOST R 34.10-94由“联邦政府通信和信息局GUBS”和“全俄罗斯标准化科学研究所”开发。此签名算法必须与GOST R 34.11-94消息摘要算法结合使用。本文件不包含完整的GOST R 34.10-94规范,该规范在[GOSTR341094]中以俄语进行了完整描述;在[Schneier95]第20.3章,第。495
The GOST R 34.10-94 signature algorithm has the following public key algorithm identifier:
GOST R 34.10-94签名算法具有以下公钥算法标识符:
id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94
id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94
id-GostR3410-94 is defined in Section 2.3.1 of [CPPK].
id-GostR3410-94的定义见[CPPK]第2.3.1节。
The signature algorithm GOST R 34.10-94 generates a digital signature in the form of two 256-bit numbers, r' and s. Its octet string representation consists of 64 octets, where the first 32 octets contain the big-endian representation of s and the second 32 octets contain the big-endian representation of r'.
签名算法GOST R 34.10-94以两个256位数字R'和s的形式生成数字签名。它的八位字节字符串表示法由64个八位字节组成,其中前32个八位字节包含s的大端表示法,后32个八位字节包含r'的大端表示法。
GostR3410-94-Signature ::= OCTET STRING (SIZE (64))
GostR3410-94-Signature ::= OCTET STRING (SIZE (64))
GOST R 34.10-2001 has been developed by "GUBS of Federal Agency Government Communication and Information" and "All-Russian Scientific and Research Institute of Standardization". This signature algorithm MUST be used conjointly with GOST R 34.11-94. This document does not contain the full GOST R 34.10-2001 specification, which is fully described in [GOSTR341001].
GOST R 34.10-2001由“联邦政府通信和信息机构GUBS”和“全俄罗斯标准化科学研究院”制定。此签名算法必须与GOST R 34.11-94结合使用。本文件不包含完整的GOST R 34.10-2001规范,该规范在[GOSTR341001]中有详细说明。
The signature algorithm GOST R 34.10-2001 has the following public key algorithm identifier:
签名算法GOST R 34.10-2001具有以下公钥算法标识符:
id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001
id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001
id-GostR3410-2001 is defined in Section 2.3.2 of [CPPK].
id-GostR3410-2001的定义见[CPPK]第2.3.2节。
The signature algorithm GOST R 34.10-2001 generates a digital signature in the form of two 256-bit numbers, r and s. Its octet string representation consists of 64 octets, where the first 32 octets contain the big-endian representation of s and the second 32 octets contain the big-endian representation of r.
签名算法GOST R 34.10-2001以两个256位数字R和s的形式生成数字签名。它的八进制字符串表示法由64个八进制组成,其中前32个八进制包含s的大端表示法,后32个八进制包含r的大端表示法。
GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))
GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))
This chapter describes the key agreement and key transport algorithms, based on the VKO GOST R 34.10-94 and VKO GOST R 34.10- 2001 key derivation algorithms, and the CryptoPro and GOST 28147-89 key wrap algorithms, described in [CPALGS]. They MUST be used only with the content encryption algorithm GOST 28147-89, defined in Section 5 of this document.
本章描述了基于VKO GOST R 34.10-94和VKO GOST R 34.10-2001密钥派生算法以及[CPALGS]中描述的CryptoPro和GOST 28147-89密钥包裹算法的密钥协商和密钥传输算法。它们只能与本文件第5节中定义的内容加密算法GOST 28147-89一起使用。
This section specifies the conventions employed by CMS implementations that support key agreement using both the VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].
本节规定了CMS实现采用的约定,这些约定支持使用VKO GOST R 34.10-94和VKO GOST R 34.10-2001算法的密钥协商,如[CPALGS]所述。
Key agreement algorithm identifiers are located in the EnvelopedData RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and AuthenticatedData RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.
密钥协商算法标识符位于EnvelopedData RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm和Authenticated Data RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm字段中。
Wrapped content-encryption keys are located in the EnvelopedData RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys encryptedKey field. Wrapped message-authentication keys are located in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys encryptedKey field.
包装的内容加密密钥位于EnvelopedData RecipientInfos KeyAgreement RecipientInfo RecipientEncryptedKeys encryptedKey字段中。包装消息身份验证密钥位于AuthenticatedData RecipientInfos KeyAgreement RecipientInfo RecipientEncryptedKeys encryptedKey字段中。
4.1.1. Key Agreement Algorithms Based on GOST R 34.10-94/2001 Public Keys
4.1.1. 基于GOST R 34.10-94/2001公钥的密钥协商算法
The EnvelopedData RecipientInfos KeyAgreeRecipientInfo field is used as follows:
EnvelopedData RecipientInfos KeyAgreeRecipientInfo字段的使用方式如下:
The version MUST be 3.
版本必须为3。
The originator MUST be the originatorKey alternative. The originatorKey algorithm field MUST contain the object identifier id-GostR3410-94 or id-GostR3410-2001 and corresponding parameters (defined in Sections 2.3.1, 2.3.2 of [CPPK]).
发起人必须是发起人备选方案。“原始工作算法”字段必须包含对象标识符id-GostR3410-94或id-GostR3410-2001以及相应的参数(定义见[CPPK]第2.3.1、2.3.2节)。
The originatorKey publicKey field MUST contain the sender's public key.
OriginationWorkey公钥字段必须包含发件人的公钥。
keyEncryptionAlgorithm MUST be the id-GostR3410-94-CryptoPro-ESDH or the id-GostR3410-2001-CryptoPro-ESDH algorithm identifier, depending on the recipient public key algorithm. The algorithm identifier parameter field for these algorithms is KeyWrapAlgorithm, and this parameter MUST be present. The KeyWrapAlgorithm denotes the algorithm and parameters used to encrypt the content-encryption key with the pairwise key-encryption key generated using the VKO GOST R 34.10-94 or the VKO GOST R 34.10-2001 key agreement algorithms.
keyEncryptionAlgorithm必须是id-GostR3410-94-CryptoPro-ESDH或id-GostR3410-2001-CryptoPro-ESDH算法标识符,具体取决于接收方公钥算法。这些算法的算法标识符参数字段是KeyWrapAlgorithm,并且该参数必须存在。KeyWrapAlgorithm表示用于使用VKO GOST R 34.10-94或VKO GOST R 34.10-2001密钥协商算法生成的成对密钥加密密钥加密内容加密密钥的算法和参数。
The algorithm identifiers and parameter syntax is:
算法标识符和参数语法为:
id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-94-CryptoPro-ESDH(97) }
id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-94-CryptoPro-ESDH(97) }
id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-2001-CryptoPro-ESDH(96) }
id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gostR3410-2001-CryptoPro-ESDH(96) }
KeyWrapAlgorithm ::= AlgorithmIdentifier
KeyWrapAlgorithm ::= AlgorithmIdentifier
When keyEncryptionAlgorithm is id-GostR3410-94-CryptoPro-ESDH, KeyWrapAlgorithm algorithm MUST be the id-Gost28147-89-CryptoPro-KeyWrap algorithm identifier.
当keyEncryptionAlgorithm为id-GostR3410-94-CryptoPro-ESDH时,KeyWrapAlgorithm算法必须是id-Gost28147-89-CryptoPro-KeyWrap算法标识符。
id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
keyWrap(13) cryptoPro(1) }
id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
keyWrap(13) cryptoPro(1) }
The CryptoPro Key Wrap algorithm is described in Sections 6.3 and 6.4 of [CPALGS].
[CPALGS]第6.3节和第6.4节描述了CryptoPro密钥包裹算法。
When keyEncryptionAlgorithm is id-GostR3410-2001-CryptoPro-ESDH, KeyWrapAlgorithm algorithm MUST be either the id-Gost28147-89- CryptoPro-KeyWrap or id-Gost28147-89-None-KeyWrap algorithm identifier.
当keyEncryptionAlgorithm为id-GostR3410-2001-CryptoPro-ESDH时,KeyWrapAlgorithm算法必须是id-Gost28147-89-CryptoPro密钥封装或id-Gost28147-89-None-KeyWrap算法标识符。
id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
keyWrap(13) none(0) }
id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
keyWrap(13) none(0) }
The GOST 28147-89 Key Wrap algorithm is described in Sections 6.1 and 6.2 of [CPALGS].
GOST 28147-89密钥包裹算法在[CPALGS]的第6.1节和第6.2节中进行了描述。
KeyWrapAlgorithm algorithm parameters MUST be present. The syntax for KeyWrapAlgorithm algorithm parameters is
KeyWrapAlgorithm算法参数必须存在。KeyWrapAlgorithm算法参数的语法为
Gost28147-89-KeyWrapParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ukm OCTET STRING (SIZE (8)) OPTIONAL
}
Gost28147-89-ParamSet ::= OBJECT IDENTIFIER
Gost28147-89-KeyWrapParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ukm OCTET STRING (SIZE (8)) OPTIONAL
}
Gost28147-89-ParamSet ::= OBJECT IDENTIFIER
Gost28147-89-KeyWrapParameters ukm MUST be absent.
Gost28147-89-KeyWrapParameters ukm必须不存在。
KeyAgreeRecipientInfo ukm MUST be present and contain eight octets.
KeyAgreeRecipientInfo ukm必须存在并包含八个八位字节。
encryptedKey MUST encapsulate Gost28147-89-EncryptedKey, where maskKey MUST be absent.
encryptedKey必须封装Gost28147-89-encryptedKey,其中必须缺少maskKey。
Gost28147-89-EncryptedKey ::= SEQUENCE {
encryptedKey Gost28147-89-Key,
maskKey [0] IMPLICIT Gost28147-89-Key
OPTIONAL,
macKey Gost28147-89-MAC
}
Gost28147-89-EncryptedKey ::= SEQUENCE {
encryptedKey Gost28147-89-Key,
maskKey [0] IMPLICIT Gost28147-89-Key
OPTIONAL,
macKey Gost28147-89-MAC
}
Using the secret key corresponding to the originatorKey publicKey and the recipient's public key, the algorithm VKO GOST R 34.10-94 or VKO GOST R 34.10-2001 (described in [CPALGS]) is applied to produce the KEK.
使用与原始公钥和接收方公钥相对应的密钥,应用算法VKO GOST R 34.10-94或VKO GOST R 34.10-2001(在[CPALGS]中描述)来产生KEK。
Then the key wrap algorithm, specified by KeyWrapAlgorithm, is applied to produce CEK_ENC, CEK_MAC, and UKM. Gost28147-89- KeyWrapParameters encryptionParamSet is used for all encryption operations.
然后应用KeyWrapAlgorithm指定的密钥包裹算法生成CEK_ENC、CEK_MAC和UKM。Gost28147-89-密钥包装参数EncryptionParameters encryptionParamSet用于所有加密操作。
The resulting encrypted key (CEK_ENC) is placed in the Gost28147-89- EncryptedKey encryptedKey field, its mac (CEK_MAC) is placed in the Gost28147-89-EncryptedKey macKey field, and UKM is placed in the KeyAgreeRecipientInfo ukm field.
生成的加密密钥(CEK_-ENC)放在Gost28147-89-EncryptedKey EncryptedKey字段中,其mac(CEK_-mac)放在Gost28147-89-EncryptedKey macKey字段中,UKM放在KeyAgreeRecipientInfo UKM字段中。
This section specifies the conventions employed by CMS implementations that support key transport using both the VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].
本节规定了CMS实现采用的约定,这些约定支持使用VKO GOST R 34.10-94和VKO GOST R 34.10-2001算法进行密钥传输,如[CPALGS]所述。
Key transport algorithm identifiers are located in the EnvelopedData RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.
密钥传输算法标识符位于EnvelopedData RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm字段中。
Key transport encrypted content-encryption keys are located in the EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey field.
密钥传输加密内容加密密钥位于EnvelopedData RecipientInfos密钥TransRecipientInfo encryptedKey字段中。
4.2.1. Key Transport Algorithm Based on GOST R 34.10-94/2001 Public Keys
4.2.1. 基于GOST R 34.10-94/2001公钥的密钥传输算法
The EnvelopedData RecipientInfos KeyTransRecipientInfo field is used as follows:
EnvelopedData RecipientInfo键TransRecipientInfo字段的使用方式如下:
The version MUST be 0 or 3.
版本必须为0或3。
keyEncryptionAlgorithm and parameters MUST be identical to the recipient public key algorithm and parameters.
keyEncryptionAlgorithm和参数必须与收件人公钥算法和参数相同。
encryptedKey encapsulates GostR3410-KeyTransport, which consists of encrypted content-encryption key, its MAC, GOST 28147-89 algorithm parameters used for key encryption, the sender's ephemeral public key, and UKM (UserKeyingMaterial; see [CMS], Section 10.2.6).
encryptedKey封装了GostR3410 KeyTransport,其中包括加密内容加密密钥、其MAC、用于密钥加密的GOST 28147-89算法参数、发送方的临时公钥和UKM(UserKeyingMaterial;见[CMS],第10.2.6节)。
transportParameters MUST be present.
传输参数必须存在。
ephemeralPublicKey MUST be present and its parameters, if present, MUST be equal to the recipient public key parameters;
ephemeralPublicKey必须存在,其参数(如果存在)必须等于收件人公钥参数;
GostR3410-KeyTransport ::= SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters
[0] IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-KeyTransport ::= SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters
[0] IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-TransportParameters ::= SEQUENCE {
encryptionParamSet OBJECT IDENTIFIER,
ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING
}
GostR3410-TransportParameters ::= SEQUENCE {
encryptionParamSet OBJECT IDENTIFIER,
ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING
}
Using the secret key corresponding to the GostR3410- TransportParameters ephemeralPublicKey and the recipient's public key, the algorithm VKO GOST R 34.10-94 or VKO GOST R 34.10-2001 (described in [CPALGS]) is applied to produce the KEK.
使用与GostR3410-TransportParameters EpheralPublicey相对应的密钥和接收者的公钥,应用算法VKO GOST R 34.10-94或VKO GOST R 34.10-2001(在[CPALGS]中描述)来产生KEK。
Then the CryptoPro key wrap algorithm is applied to produce CEK_ENC, CEK_MAC, and UKM. GostR3410-TransportParameters encryptionParamSet is used for all encryption operations.
然后应用CryptoPro密钥包裹算法生成CEK_ENC、CEK_MAC和UKM。GostR3410 TransportParameters encryptionParamSet用于所有加密操作。
The resulting encrypted key (CEK_ENC) is placed in the Gost28147-89- EncryptedKey encryptedKey field, its mac (CEK_MAC) is placed in the Gost28147-89-EncryptedKey macKey field, and UKM is placed in the GostR3410-TransportParameters ukm field.
生成的加密密钥(CEK_-ENC)放在Gost28147-89-加密密钥EncryptedKey字段中,其mac(CEK_-mac)放在Gost28147-89-加密密钥macKey字段中,UKM放在GostR3410传输参数UKM字段中。
This section specifies the conventions employed by CMS implementations that support content encryption using GOST 28147-89.
本节规定了支持使用GOST 28147-89进行内容加密的CMS实施所采用的约定。
Content encryption algorithm identifiers are located in the EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.
内容加密算法标识符位于EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm和EncryptedData EncryptedContentInfo contentEncryptionAlgorithm字段中。
Content encryption algorithms are used to encipher the content located in the EnvelopedData EncryptedContentInfo encryptedContent field and the EncryptedData EncryptedContentInfo encryptedContent field.
内容加密算法用于加密位于EnvelopedData EncryptedContentInfo encryptedContent字段和EncryptedData EncryptedContentInfo encryptedContent字段中的内容。
This section specifies the use of GOST 28147-89 algorithm for data encipherment.
本节规定使用GOST 28147-89算法进行数据加密。
GOST 28147-89 is fully described in [GOST28147] (in Russian).
GOST 28147-89在[GOST28147](俄语)中有完整描述。
This document specifies the following object identifier (OID) for this algorithm:
本文档为此算法指定以下对象标识符(OID):
id-Gost28147-89 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gost28147-89(21) }
id-Gost28147-89 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
gost28147-89(21) }
Algorithm parameters MUST be present and have the following structure:
算法参数必须存在并具有以下结构:
Gost28147-89-Parameters ::=
SEQUENCE {
iv Gost28147-89-IV,
encryptionParamSet OBJECT IDENTIFIER
}
Gost28147-89-Parameters ::=
SEQUENCE {
iv Gost28147-89-IV,
encryptionParamSet OBJECT IDENTIFIER
}
Gost28147-89-IV ::= OCTET STRING (SIZE (8))
Gost28147-89-IV ::= OCTET STRING (SIZE (8))
encryptionParamSet specifies the set of corresponding Gost28147-89- ParamSetParameters (see Section 8.1 of [CPALGS])
encryptionParamSet指定相应的Gost28147-89-ParamSetParameters集(见[CPALGS]第8.1节)
This section specifies the conventions employed by CMS implementations that support the message authentication code (MAC) based on GOST R 34.11-94.
本节规定了支持基于GOST R 34.11-94的消息认证码(MAC)的CMS实施所采用的约定。
MAC algorithm identifiers are located in the AuthenticatedData macAlgorithm field.
MAC算法标识符位于AuthenticatedData macAlgorithm字段中。
MAC values are located in the AuthenticatedData mac field.
MAC值位于AuthenticatedData MAC字段中。
HMAC_GOSTR3411 (K,text) function is based on hash function GOST R 34.11-94, as defined in Section 3 of [CPALGS].
HMAC_GOSTR3411(K,text)函数基于[CPALGS]第3节中定义的哈希函数GOST R 34.11-94。
This document specifies the following OID for this algorithm:
本文档为此算法指定了以下OID:
id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
hmacgostr3411(10) }
id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
hmacgostr3411(10) }
This algorithm has the same parameters as the GOST R 34.11-94 digest algorithm and uses the same OIDs for their identification (see [CPPK]).
该算法具有与GOST R 34.11-94摘要算法相同的参数,并使用相同的OID进行识别(参见[CPPK])。
This section defines the use of the algorithms defined in this document with S/MIME [RFC3851].
本节定义了将本文档中定义的算法与S/MIME[RFC3851]一起使用。
When using the algorithms defined in this document, micalg parameter SHOULD be set to "gostr3411-94"; otherwise, it MUST be set to "unknown".
使用本文件定义的算法时,micalg参数应设置为“gostr3411-94”;否则,必须将其设置为“未知”。
The SMIMECapability value that indicates support for the GOST R 34.11-94 digest algorithm is the SEQUENCE with the capabilityID field containing the object identifier id-GostR3411-94 and no parameters. The DER encoding is:
表示支持GOST R 34.11-94摘要算法的SMIMECapability值是capabilityID字段包含对象标识符id-GostR3411-94且无参数的序列。DER编码是:
30 08 06 06 2A 85 03 02 02 09
30 08 06 2A 85 03 02 09
The SMIMECapability value that indicates support for the GOST 28147-89 encryption algorithm is the SEQUENCE with the capabilityID field containing the object identifier id-Gost28147-89 and no parameters. The DER encoding is:
表示支持GOST 28147-89加密算法的SMIMECapability值是capabilityID字段包含对象标识符id-Gost28147-89且无参数的序列。DER编码是:
30 08 06 06 2A 85 03 02 02 15
30 08 06 2A 85 03 02 15
If the sender wishes to indicate support for a specific parameter set, SMIMECapability parameters MUST contain the Gost28147-89- Parameters structure. Recipients MUST ignore the Gost28147-89- Parameters iv field and assume that the sender supports the parameters specified in the Gost28147-89-Parameters encryptionParamSet field.
如果发送方希望表示支持特定参数集,则SMIMECapability参数必须包含Gost28147-89-参数结构。收件人必须忽略Gost28147-89-参数iv字段,并假设发件人支持Gost28147-89-参数encryptionParamSet字段中指定的参数。
The DER encoding for the SMIMECapability, indicating support for GOST 28147-89 with id-Gost28147-89-CryptoPro-A-ParamSet (see [CPALGS]), is:
SMIMECapability的DER编码表示支持id为Gost28147-89-Gost28147-89-CryptoPro-A-ParamSet的GOST 28147-89(请参见[CPALGS]),该编码为:
30 1D 06 06 2A 85 03 02 02 15 30 13 04 08 00 00 00 00 00 00 00 00 06 07 2A 85 03 02 02 1F 01
30 1D 06 06 2A 85 03 02 15 30 13 04 08 00 06 07 2A 85 03 02 02 1F 01
Conforming applications MUST use unique values for ukm and iv. Recipients MAY verify that ukm and iv, specified by the sender, are unique.
符合要求的应用程序必须为ukm和iv使用唯一值。收件人可以验证发送方指定的ukm和iv是唯一的。
It is RECOMMENDED that software applications verify that signature values, subject public keys, and algorithm parameters conform to [GOSTR341001] and [GOSTR341094] standards prior to their use.
建议软件应用程序在使用前验证签名值、主题公钥和算法参数是否符合[GOSTR341001]和[GOSTR341094]标准。
Cryptographic algorithm parameters affect algorithm strength. The use of parameters not listed in [CPALGS] is NOT RECOMMENDED (see the Security Considerations section of [CPALGS]).
密码算法参数影响算法强度。不建议使用[CPALGS]中未列出的参数(请参阅[CPALGS]的安全注意事项部分)。
Use of the same key for signature and key derivation is NOT RECOMMENDED. When signed CMS documents are used as an analogue to a manual signing, in the context of Russian Federal Electronic Digital Signature Law [RFEDSL], signer certificate MUST contain the keyUsage extension, it MUST be critical, and keyUsage MUST NOT include keyEncipherment or keyAgreement (see [PROFILE], Section 4.2.1.3). Application SHOULD be submitted for examination by an authorized agency in appropriate levels of target_of_evaluation (TOE), according to [RFEDSL], [RFLLIC], and [CRYPTOLIC].
不建议对签名和密钥派生使用相同的密钥。在俄罗斯联邦电子数字签名法[RFEDSL]的背景下,当签名的CMS文件被用作人工签名的类似物时,签名者证书必须包含密钥使用扩展,它必须是关键的,并且密钥使用不得包括密钥加密或密钥协议(见[PROFILE],第4.2.1.3节)。应根据[RFEDSL]、[RFLICAL]和[CRYPTOLIC]的规定,将申请提交给授权机构进行适当级别的目标评估(TOE)审查。
Examples here are stored in the same format as the examples in [RFC4134] and can be extracted using the same program.
此处的示例以与[RFC4134]中示例相同的格式存储,并且可以使用相同的程序提取。
If you want to extract without the program, copy all the lines between the "|>" and "|<" markers, remove any page breaks, and remove the "|" in the first column of each line. The result is a valid Base64 blob that can be processed by any Base64 decoder.
如果要在不使用程序的情况下进行提取,请复制“|>”和“|<”标记之间的所有行,删除任何分页符,并删除每行第一列中的“|”。结果是可以由任何Base64解码器处理的有效Base64 blob。
This message is signed using the sample certificate from Section 4.2 of [CPPK]. The public key (x,y) from the same section can be used to verify the message signature.
此消息使用[CPPK]第4.2节中的示例证书签名。来自同一节的公钥(x,y)可用于验证消息签名。
0 296: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData
15 281: [0] {
19 277: SEQUENCE {
23 1: INTEGER 1
0 296: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData
15 281: [0] {
19 277: SEQUENCE {
23 1: INTEGER 1
26 12: SET {
28 10: SEQUENCE {
30 6: OBJECT IDENTIFIER id-GostR3411-94
38 0: NULL
: }
: }
40 27: SEQUENCE {
42 9: OBJECT IDENTIFIER data
53 14: [0] {
55 12: OCTET STRING 73 61 6D 70 6C 65 20 74 65 78 74 0A
: }
: }
69 228: SET {
72 225: SEQUENCE {
75 1: INTEGER 1
78 129: SEQUENCE {
81 109: SEQUENCE {
83 31: SET {
85 29: SEQUENCE {
87 3: OBJECT IDENTIFIER commonName
92 22: UTF8String 'GostR3410-2001 example'
: }
: }
116 18: SET {
118 16: SEQUENCE {
120 3: OBJECT IDENTIFIER organizationName
125 9: UTF8String 'CryptoPro'
: }
: }
136 11: SET {
138 9: SEQUENCE {
140 3: OBJECT IDENTIFIER countryName
145 2: PrintableString 'RU'
: }
: }
149 41: SET {
151 39: SEQUENCE {
153 9: OBJECT IDENTIFIER emailAddress
164 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
192 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
210 10: SEQUENCE {
212 6: OBJECT IDENTIFIER id-GostR3411-94
220 0: NULL
26 12: SET {
28 10: SEQUENCE {
30 6: OBJECT IDENTIFIER id-GostR3411-94
38 0: NULL
: }
: }
40 27: SEQUENCE {
42 9: OBJECT IDENTIFIER data
53 14: [0] {
55 12: OCTET STRING 73 61 6D 70 6C 65 20 74 65 78 74 0A
: }
: }
69 228: SET {
72 225: SEQUENCE {
75 1: INTEGER 1
78 129: SEQUENCE {
81 109: SEQUENCE {
83 31: SET {
85 29: SEQUENCE {
87 3: OBJECT IDENTIFIER commonName
92 22: UTF8String 'GostR3410-2001 example'
: }
: }
116 18: SET {
118 16: SEQUENCE {
120 3: OBJECT IDENTIFIER organizationName
125 9: UTF8String 'CryptoPro'
: }
: }
136 11: SET {
138 9: SEQUENCE {
140 3: OBJECT IDENTIFIER countryName
145 2: PrintableString 'RU'
: }
: }
149 41: SET {
151 39: SEQUENCE {
153 9: OBJECT IDENTIFIER emailAddress
164 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
192 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
210 10: SEQUENCE {
212 6: OBJECT IDENTIFIER id-GostR3411-94
220 0: NULL
: }
222 10: SEQUENCE {
224 6: OBJECT IDENTIFIER id-GostR3410-2001
232 0: NULL
: }
234 64: OCTET STRING
: C0 C3 42 D9 3F 8F FE 25 11 11 88 77 BF 89 C3 DB
: 83 42 04 D6 20 F9 68 2A 99 F6 FE 30 3B E4 F4 C8
: F8 D5 B4 DA FB E1 C6 91 67 34 1F BC A6 7A 0D 12
: 7B FD 10 25 C6 51 DB 8D B2 F4 8C 71 7E ED 72 A9
: }
: }
: }
: }
: }
: }
222 10: SEQUENCE {
224 6: OBJECT IDENTIFIER id-GostR3410-2001
232 0: NULL
: }
234 64: OCTET STRING
: C0 C3 42 D9 3F 8F FE 25 11 11 88 77 BF 89 C3 DB
: 83 42 04 D6 20 F9 68 2A 99 F6 FE 30 3B E4 F4 C8
: F8 D5 B4 DA FB E1 C6 91 67 34 1F BC A6 7A 0D 12
: 7B FD 10 25 C6 51 DB 8D B2 F4 8C 71 7E ED 72 A9
: }
: }
: }
: }
: }
|>GostR3410-2001-signed.bin
|MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
|9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
|c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
|BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
|AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
|P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
|xlHbjbL0jHF+7XKp
|<GostR3410-2001-signed.bin
|>GostR3410-2001-signed.bin
|MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
|9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
|c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
|BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
|AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
|P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
|xlHbjbL0jHF+7XKp
|<GostR3410-2001-signed.bin
This message is encrypted using the sample certificate from Section 4.2 of [CPPK] as a recipient certificate. The private key 'd' from the same section can be used to decrypt this message.
此邮件使用[CPPK]第4.2节中的示例证书作为收件人证书进行加密。来自同一节的私钥“d”可用于解密此消息。
0 420: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData
15 405: [0] {
19 401: SEQUENCE {
23 1: INTEGER 2
26 336: SET {
30 332: [1] {
34 1: INTEGER 3
37 101: [0] {
39 99: [1] {
41 28: SEQUENCE {
43 6: OBJECT IDENTIFIER id-GostR3410-2001
51 18: SEQUENCE {
53 7: OBJECT IDENTIFIER
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
62 7: OBJECT IDENTIFIER
0 420: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData
15 405: [0] {
19 401: SEQUENCE {
23 1: INTEGER 2
26 336: SET {
30 332: [1] {
34 1: INTEGER 3
37 101: [0] {
39 99: [1] {
41 28: SEQUENCE {
43 6: OBJECT IDENTIFIER id-GostR3410-2001
51 18: SEQUENCE {
53 7: OBJECT IDENTIFIER
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
62 7: OBJECT IDENTIFIER
: id-GostR3411-94-CryptoProParamSet
: }
: }
71 67: BIT STRING, encapsulates {
74 64: OCTET STRING
: B3 55 39 F4 67 81 97 2B A5 C4 D9 84 1F 27 FB 81
: ED 08 32 E6 9A D4 F2 00 78 B8 FF 83 64 EA D2 1D
: B0 78 3C 7D FE 03 C1 F4 06 E4 3B CC 16 B9 C5 F6
: F6 19 37 1C 17 B8 A0 AA C7 D1 A1 94 B3 A5 36 20
: }
: }
: }
140 10: [1] {
142 8: OCTET STRING 2F F0 F6 D1 86 4B 32 8A
: }
152 30: SEQUENCE {
154 6: OBJECT IDENTIFIER id-GostR3410-2001-CryptoPro-ESDH
162 20: SEQUENCE {
164 7: OBJECT IDENTIFIER id-Gost28147-89-None-KeyWrap
173 9: SEQUENCE {
175 7: OBJECT IDENTIFIER
: id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
: }
184 179: SEQUENCE {
187 176: SEQUENCE {
190 129: SEQUENCE {
193 109: SEQUENCE {
195 31: SET {
197 29: SEQUENCE {
199 3: OBJECT IDENTIFIER commonName
204 22: UTF8String 'GostR3410-2001 example'
: }
: }
228 18: SET {
230 16: SEQUENCE {
232 3: OBJECT IDENTIFIER organizationName
237 9: UTF8String 'CryptoPro'
: }
: }
248 11: SET {
250 9: SEQUENCE {
252 3: OBJECT IDENTIFIER countryName
257 2: PrintableString 'RU'
: }
: }
261 41: SET {
: id-GostR3411-94-CryptoProParamSet
: }
: }
71 67: BIT STRING, encapsulates {
74 64: OCTET STRING
: B3 55 39 F4 67 81 97 2B A5 C4 D9 84 1F 27 FB 81
: ED 08 32 E6 9A D4 F2 00 78 B8 FF 83 64 EA D2 1D
: B0 78 3C 7D FE 03 C1 F4 06 E4 3B CC 16 B9 C5 F6
: F6 19 37 1C 17 B8 A0 AA C7 D1 A1 94 B3 A5 36 20
: }
: }
: }
140 10: [1] {
142 8: OCTET STRING 2F F0 F6 D1 86 4B 32 8A
: }
152 30: SEQUENCE {
154 6: OBJECT IDENTIFIER id-GostR3410-2001-CryptoPro-ESDH
162 20: SEQUENCE {
164 7: OBJECT IDENTIFIER id-Gost28147-89-None-KeyWrap
173 9: SEQUENCE {
175 7: OBJECT IDENTIFIER
: id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
: }
184 179: SEQUENCE {
187 176: SEQUENCE {
190 129: SEQUENCE {
193 109: SEQUENCE {
195 31: SET {
197 29: SEQUENCE {
199 3: OBJECT IDENTIFIER commonName
204 22: UTF8String 'GostR3410-2001 example'
: }
: }
228 18: SET {
230 16: SEQUENCE {
232 3: OBJECT IDENTIFIER organizationName
237 9: UTF8String 'CryptoPro'
: }
: }
248 11: SET {
250 9: SEQUENCE {
252 3: OBJECT IDENTIFIER countryName
257 2: PrintableString 'RU'
: }
: }
261 41: SET {
263 39: SEQUENCE {
265 9: OBJECT IDENTIFIER emailAddress
276 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
304 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
322 42: OCTET STRING, encapsulates {
324 40: SEQUENCE {
326 32: OCTET STRING
: 16 A3 1C E7 CE 4E E9 0D F1 EC 74 69 04 68 1E C7
: 9F 3A ED B8 3B 1F 1D 4A 7E F9 A5 D9 CB 19 D5 E8
360 4: OCTET STRING
: 93 FD 86 7E
: }
: }
: }
: }
: }
: }
366 56: SEQUENCE {
368 9: OBJECT IDENTIFIER data
379 29: SEQUENCE {
381 6: OBJECT IDENTIFIER id-Gost28147-89
389 19: SEQUENCE {
391 8: OCTET STRING B7 35 E1 7A 07 35 A2 1D
401 7: OBJECT IDENTIFIER id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
410 12: [0] 39 B1 8A F4 BF A9 E2 65 25 B6 55 C9
: }
: }
: }
: }
263 39: SEQUENCE {
265 9: OBJECT IDENTIFIER emailAddress
276 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
304 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
322 42: OCTET STRING, encapsulates {
324 40: SEQUENCE {
326 32: OCTET STRING
: 16 A3 1C E7 CE 4E E9 0D F1 EC 74 69 04 68 1E C7
: 9F 3A ED B8 3B 1F 1D 4A 7E F9 A5 D9 CB 19 D5 E8
360 4: OCTET STRING
: 93 FD 86 7E
: }
: }
: }
: }
: }
: }
366 56: SEQUENCE {
368 9: OBJECT IDENTIFIER data
379 29: SEQUENCE {
381 6: OBJECT IDENTIFIER id-Gost28147-89
389 19: SEQUENCE {
391 8: OCTET STRING B7 35 E1 7A 07 35 A2 1D
401 7: OBJECT IDENTIFIER id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
410 12: [0] 39 B1 8A F4 BF A9 E2 65 25 B6 55 C9
: }
: }
: }
: }
|>GostR3410-2001-keyagree.bin
|MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD
|AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
|mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
|L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
|gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD
|cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
|MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
|8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
|hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
|<GostR3410-2001-keyagree.bin
|>GostR3410-2001-keyagree.bin
|MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD
|AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
|mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
|L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
|gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD
|cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
|MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
|8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
|hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
|<GostR3410-2001-keyagree.bin
This message is encrypted using the sample certificate from Section 4.2 of [CPPK] as a recipient certificate. The private key 'd' from the same section can be used to decrypt this message.
此邮件使用[CPPK]第4.2节中的示例证书作为收件人证书进行加密。来自同一节的私钥“d”可用于解密此消息。
0 423: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData
15 408: [0] {
19 404: SEQUENCE {
23 1: INTEGER 0
26 339: SET {
30 335: SEQUENCE {
34 1: INTEGER 0
37 129: SEQUENCE {
40 109: SEQUENCE {
42 31: SET {
44 29: SEQUENCE {
46 3: OBJECT IDENTIFIER commonName
51 22: UTF8String 'GostR3410-2001 example'
: }
: }
75 18: SET {
77 16: SEQUENCE {
79 3: OBJECT IDENTIFIER organizationName
84 9: UTF8String 'CryptoPro'
: }
: }
95 11: SET {
97 9: SEQUENCE {
99 3: OBJECT IDENTIFIER countryName
104 2: PrintableString 'RU'
: }
: }
108 41: SET {
110 39: SEQUENCE {
112 9: OBJECT IDENTIFIER emailAddress
123 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
151 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
169 28: SEQUENCE {
171 6: OBJECT IDENTIFIER id-GostR3410-2001
179 18: SEQUENCE {
181 7: OBJECT IDENTIFIER
0 423: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData
15 408: [0] {
19 404: SEQUENCE {
23 1: INTEGER 0
26 339: SET {
30 335: SEQUENCE {
34 1: INTEGER 0
37 129: SEQUENCE {
40 109: SEQUENCE {
42 31: SET {
44 29: SEQUENCE {
46 3: OBJECT IDENTIFIER commonName
51 22: UTF8String 'GostR3410-2001 example'
: }
: }
75 18: SET {
77 16: SEQUENCE {
79 3: OBJECT IDENTIFIER organizationName
84 9: UTF8String 'CryptoPro'
: }
: }
95 11: SET {
97 9: SEQUENCE {
99 3: OBJECT IDENTIFIER countryName
104 2: PrintableString 'RU'
: }
: }
108 41: SET {
110 39: SEQUENCE {
112 9: OBJECT IDENTIFIER emailAddress
123 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
151 16: INTEGER
: 2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
: }
169 28: SEQUENCE {
171 6: OBJECT IDENTIFIER id-GostR3410-2001
179 18: SEQUENCE {
181 7: OBJECT IDENTIFIER
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
190 7: OBJECT IDENTIFIER
: id-GostR3411-94-CryptoProParamSet
: }
: }
199 167: OCTET STRING, encapsulates {
202 164: SEQUENCE {
205 40: SEQUENCE {
207 32: OCTET STRING
: 6A 2F A8 21 06 95 68 9F 9F E4 47 AA 9E CB 61 15
: 2B 7E 41 60 BC 5D 8D FB F5 3D 28 1B 18 9A F9 75
241 4: OCTET STRING
: 36 6D 98 B7
: }
247 120: [0] {
249 7: OBJECT IDENTIFIER
: id-Gost28147-89-CryptoPro-A-ParamSet
258 99: [0] {
260 28: SEQUENCE {
262 6: OBJECT IDENTIFIER id-GostR3410-2001
270 18: SEQUENCE {
272 7: OBJECT IDENTIFIER
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
281 7: OBJECT IDENTIFIER
: id-GostR3411-94-CryptoProParamSet
: }
: }
290 67: BIT STRING encapsulates {
293 64: OCTET STRING
: 4D 2B 2F 33 90 E6 DC A3 DD 55 2A CD DF E0 EF FB
: 31 F7 73 7E 4E FF BF 78 89 8A 2B C3 CD 31 94 04
: 4B 0E 60 48 96 1F DB C7 5D 12 6F DA B2 40 8A 77
: B5 BD EA F2 EC 34 CB 23 9F 9B 8B DD 9E 12 C0 F6
: }
: }
359 8: OCTET STRING
: 97 95 E3 2C 2B AD 2B 0C
: }
: }
: }
: }
: }
369 56: SEQUENCE {
371 9: OBJECT IDENTIFIER data
382 29: SEQUENCE {
384 6: OBJECT IDENTIFIER id-Gost28147-89
392 19: SEQUENCE {
394 8: OCTET STRING BC 10 8B 1F 0B FF 34 29
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
190 7: OBJECT IDENTIFIER
: id-GostR3411-94-CryptoProParamSet
: }
: }
199 167: OCTET STRING, encapsulates {
202 164: SEQUENCE {
205 40: SEQUENCE {
207 32: OCTET STRING
: 6A 2F A8 21 06 95 68 9F 9F E4 47 AA 9E CB 61 15
: 2B 7E 41 60 BC 5D 8D FB F5 3D 28 1B 18 9A F9 75
241 4: OCTET STRING
: 36 6D 98 B7
: }
247 120: [0] {
249 7: OBJECT IDENTIFIER
: id-Gost28147-89-CryptoPro-A-ParamSet
258 99: [0] {
260 28: SEQUENCE {
262 6: OBJECT IDENTIFIER id-GostR3410-2001
270 18: SEQUENCE {
272 7: OBJECT IDENTIFIER
: id-GostR3410-2001-CryptoPro-XchA-ParamSet
281 7: OBJECT IDENTIFIER
: id-GostR3411-94-CryptoProParamSet
: }
: }
290 67: BIT STRING encapsulates {
293 64: OCTET STRING
: 4D 2B 2F 33 90 E6 DC A3 DD 55 2A CD DF E0 EF FB
: 31 F7 73 7E 4E FF BF 78 89 8A 2B C3 CD 31 94 04
: 4B 0E 60 48 96 1F DB C7 5D 12 6F DA B2 40 8A 77
: B5 BD EA F2 EC 34 CB 23 9F 9B 8B DD 9E 12 C0 F6
: }
: }
359 8: OCTET STRING
: 97 95 E3 2C 2B AD 2B 0C
: }
: }
: }
: }
: }
369 56: SEQUENCE {
371 9: OBJECT IDENTIFIER data
382 29: SEQUENCE {
384 6: OBJECT IDENTIFIER id-Gost28147-89
392 19: SEQUENCE {
394 8: OCTET STRING BC 10 8B 1F 0B FF 34 29
404 7: OBJECT IDENTIFIER id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
413 12: [0] AA 8E 72 1D EE 4F B3 2E E3 0F A1 37
: }
: }
: }
: }
404 7: OBJECT IDENTIFIER id-Gost28147-89-CryptoPro-A-ParamSet
: }
: }
413 12: [0] AA 8E 72 1D EE 4F B3 2E E3 0F A1 37
: }
: }
: }
: }
|>GostR3410-2001-keytrans.bin
|MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD
|VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
|CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
|cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
|KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
|dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
|HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
|Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
|BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
|<GostR3410-2001-keytrans.bin
|>GostR3410-2001-keytrans.bin
|MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD
|VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
|CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
|cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
|KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
|dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
|HgEDQwAEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
|Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
|BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
|<GostR3410-2001-keytrans.bin
Additional ASN.1 modules, referenced here, can be found in [CPALGS].
此处引用的其他ASN.1模块可在[CPALGS]中找到。
GostR3410-EncryptionSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
id-CryptoPro-algorithms,
gost28147-89-EncryptionSyntax,
gostR3410-94-PKISyntax,
gostR3410-2001-PKISyntax,
ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
GostR3410-EncryptionSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
id-CryptoPro-algorithms,
gost28147-89-EncryptionSyntax,
gostR3410-94-PKISyntax,
gostR3410-2001-PKISyntax,
ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-94
FROM GostR3410-94-PKISyntax -- in [CPALGS]
gostR3410-94-PKISyntax
id-GostR3410-2001
FROM GostR3410-2001-PKISyntax -- in [CPALGS]
gostR3410-2001-PKISyntax
Gost28147-89-ParamSet,
Gost28147-89-EncryptedKey
FROM Gost28147-89-EncryptionSyntax -- in [CPALGS]
gost28147-89-EncryptionSyntax
SubjectPublicKeyInfo
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-88(1)}
;
-- CMS/PKCS#7 key agreement algorithms & parameters
Gost28147-89-KeyWrapParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ukm OCTET STRING (SIZE (8)) OPTIONAL
}
id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms keyWrap(13) none(0) }
Gost28147-89-KeyWrapAlgorithms ALGORITHM-IDENTIFIER ::= {
{ Gost28147-89-KeyWrapParameters IDENTIFIED BY
id-Gost28147-89-CryptoPro-KeyWrap } |
{ Gost28147-89-KeyWrapParameters IDENTIFIED BY
id-Gost28147-89-None-KeyWrap }
}
id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms
gostR3410-2001-CryptoPro-ESDH(96) }
id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms
gostR3410-94-CryptoPro-ESDH(97) }
-- CMS/PKCS#7 key transport algorithms & parameters
-- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
-- GostR3410-94-PKISyntax or id-GostR3410-2001 from
-- GostR3410-2001-PKISyntax
-- Algorithms for CMS/PKCS#7 Key transport are
-- GostR3410-94-PublicKeyAlgorithms from
-- GostR3410-94-PKISyntax or
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-94
FROM GostR3410-94-PKISyntax -- in [CPALGS]
gostR3410-94-PKISyntax
id-GostR3410-2001
FROM GostR3410-2001-PKISyntax -- in [CPALGS]
gostR3410-2001-PKISyntax
Gost28147-89-ParamSet,
Gost28147-89-EncryptedKey
FROM Gost28147-89-EncryptionSyntax -- in [CPALGS]
gost28147-89-EncryptionSyntax
SubjectPublicKeyInfo
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-88(1)}
;
-- CMS/PKCS#7 key agreement algorithms & parameters
Gost28147-89-KeyWrapParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ukm OCTET STRING (SIZE (8)) OPTIONAL
}
id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms keyWrap(13) none(0) }
Gost28147-89-KeyWrapAlgorithms ALGORITHM-IDENTIFIER ::= {
{ Gost28147-89-KeyWrapParameters IDENTIFIED BY
id-Gost28147-89-CryptoPro-KeyWrap } |
{ Gost28147-89-KeyWrapParameters IDENTIFIED BY
id-Gost28147-89-None-KeyWrap }
}
id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms
gostR3410-2001-CryptoPro-ESDH(96) }
id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms
gostR3410-94-CryptoPro-ESDH(97) }
-- CMS/PKCS#7 key transport algorithms & parameters
-- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
-- GostR3410-94-PKISyntax or id-GostR3410-2001 from
-- GostR3410-2001-PKISyntax
-- Algorithms for CMS/PKCS#7 Key transport are
-- GostR3410-94-PublicKeyAlgorithms from
-- GostR3410-94-PKISyntax or
-- GostR3410-2001-PublicKeyAlgorithms from
-- GostR3410-2001-PKISyntax
-- SMIMECapability for CMS/PKCS#7 Key transport are
-- id-GostR3410-94 from GostR3410-94-PKISyntax or
-- id-GostR3410-2001 from GostR3410-2001-PKISyntax
id-GostR3410-94-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-94
id-GostR3410-2001-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-2001
GostR3410-KeyTransport ::=
SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters [0]
IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-TransportParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ephemeralPublicKey [0]
IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING ( SIZE(8) )
}
END -- GostR3410-EncryptionSyntax
-- GostR3410-2001-PublicKeyAlgorithms from
-- GostR3410-2001-PKISyntax
-- SMIMECapability for CMS/PKCS#7 Key transport are
-- id-GostR3410-94 from GostR3410-94-PKISyntax or
-- id-GostR3410-2001 from GostR3410-2001-PKISyntax
id-GostR3410-94-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-94
id-GostR3410-2001-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-2001
GostR3410-KeyTransport ::=
SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters [0]
IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-TransportParameters ::=
SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet,
ephemeralPublicKey [0]
IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING ( SIZE(8) )
}
END -- GostR3410-EncryptionSyntax
GostR3410-94-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-94,
GostR3410-94-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-94,
GostR3410-94-PublicKeyParameters
FROM GostR3410-94-PKISyntax -- in [CPALGS]
gostR3410-94-PKISyntax
;
-- GOST R 34.10-94 signature data type
GostR3410-94-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-94 signature algorithm & parameters
GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
{ GostR3410-94-PublicKeyParameters IDENTIFIED BY
id-GostR3410-94 }
}
GostR3410-94-PublicKeyParameters
FROM GostR3410-94-PKISyntax -- in [CPALGS]
gostR3410-94-PKISyntax
;
-- GOST R 34.10-94 signature data type
GostR3410-94-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-94 signature algorithm & parameters
GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
{ GostR3410-94-PublicKeyParameters IDENTIFIED BY
id-GostR3410-94 }
}
END -- GostR3410-94-SignatureSyntax
结束——GostR3410-94-SignatureSyntax
GostR3410-2001-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-2001-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-2001,
GostR3410-2001-PublicKeyParameters -- in [CPALGS]
FROM GostR3410-2001-PKISyntax
gostR3410-2001-PKISyntax
;
-- GOST R 34.10-2001 signature data type
GostR3410-2001-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-2001 signature algorithms and parameters
GostR3410-2001-CMSSignatureAlgorithms
GostR3410-2001-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-2001-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions -- in [CPALGS]
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-2001,
GostR3410-2001-PublicKeyParameters -- in [CPALGS]
FROM GostR3410-2001-PKISyntax
gostR3410-2001-PKISyntax
;
-- GOST R 34.10-2001 signature data type
GostR3410-2001-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-2001 signature algorithms and parameters
GostR3410-2001-CMSSignatureAlgorithms
ALGORITHM-IDENTIFIER ::= {
{ GostR3410-2001-PublicKeyParameters IDENTIFIED BY
id-GostR3410-2001 }
}
END -- GostR3410-2001-SignatureSyntax
ALGORITHM-IDENTIFIER ::= {
{ GostR3410-2001-PublicKeyParameters IDENTIFIED BY
id-GostR3410-2001 }
}
END -- GostR3410-2001-SignatureSyntax
This document was created in accordance with "Russian Cryptographic Software Compatibility Agreement", signed by FGUE STC "Atlas", CRYPTO-PRO, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI), Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual compatibility of the products and solutions.
本文件是根据FGUE STC“Atlas”、CRYPTO-PRO、Factor TS、MD PREI、Infotecs GmbH、SPRCIS(SPbRCZI)、Cryptocom、R-Alpha签署的“俄罗斯加密软件兼容性协议”编制的。本协议旨在实现产品和解决方案的相互兼容性。
The authors wish to thank:
作者要感谢:
Microsoft Corporation Russia for providing information about company products and solutions, and also for technical consulting in PKI.
微软俄罗斯公司提供有关公司产品和解决方案的信息,以及PKI方面的技术咨询。
RSA Security Russia and Demos Co Ltd for active collaboration and critical help in creation of this document.
RSA Security Russia and Demos Co Ltd在创建本文档过程中的积极合作和关键帮助。
Russ Housley (Vigil Security, LLC, housley@vigilsec.com) and Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for encouraging the authors to create this document.
Russ Housley(Vigil Security,LLC,housley@vigilsec.com)和Vasilij Sakharov(DEMOS Co.,Ltd.),svp@dol.ru)鼓励作者创建此文档。
Prikhodko Dmitriy (VSTU, PrikhodkoDV@volgablob.ru) for invaluable assistance in proofreading this document and verifying the form and the contents of the ASN.1 structures mentioned or used in this document.
普里霍德科·德米特里(VSTU,PrikhodkoDV@volgablob.ru)在校对本文件和验证本文件中提及或使用的ASN.1结构的形式和内容方面提供宝贵帮助。
[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004.
[CMS]Housley,R.,“加密消息语法(CMS)”,RFC 38522004年7月。
[CPALGS] Popov, V., Kurepkin, I., and S. Leontiev, "Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms", RFC 4357, January 2006.
[CPALGS]Popov,V.,Kurepkin,I.,和S.Leontiev,“用于GOST 28147-89,GOST R 34.10-94,GOST R 34.10-2001和GOST R 34.11-94算法的其他加密算法”,RFC 4357,2006年1月。
[CPPK] Leontiev, S., Ed. and D. Shefanovskij, Ed., "Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 4491, May 2006.
[CPPK]Leontiev,S.,Ed.和D.Shefanovskij,Ed.,“将GOST R 34.10-94、GOST R 34.10-2001和GOST R 34.11-94算法与Internet X.509公钥基础设施证书和CRL配置文件结合使用”,RFC 4491,2006年5月。
[GOST28147] "Cryptographic Protection for Data Processing System", GOST 28147-89, Gosudarstvennyi Standard of USSR, Government Committee of the USSR for Standards, 1989. (In Russian)
[GOST28147]“数据处理系统的密码保护”,GOST 28147-89,苏联Gosudarstvenyi标准,苏联政府标准委员会,1989年。(俄语)
[GOST3431195] "Information technology. Cryptographic Data Security. Cashing function.", GOST 34.311-95, Council for Standardization, Metrology and Certification of the Commonwealth of Independence States (EASC), Minsk, 1995. (In Russian)
[GOST3431195]“信息技术。加密数据安全。兑现功能”,GOST 34.311-95,独立国家联合体标准化、计量和认证委员会(EASC),明斯克,1995年。(俄语)
[GOST3431095] "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signature based on Asymmetric Cryptographic Algorithm.", GOST 34.310-95, Council for Standardization, Metrology and Certification of the Commonwealth of Independence States (EASC), Minsk, 1995. (In Russian)
[GOST3431095]“信息技术.加密数据安全.基于非对称加密算法的电子数字签名的产生和检查程序”,GOST 34.310-95,独立国家联合体标准化、计量和认证委员会(EASC),明斯克,1995年。(俄语)
[GOST3431004] "Information technology. Cryptographic Data Security. Formation and verification processes of (electronic) digital signature based on Asymmetric Cryptographic Algorithm.", GOST 34.310-2004, Council for Standardization, Metrology and Certification of the Commonwealth of Independence States (EASC), Minsk, 2004. (In Russian)
[GOST343104]“信息技术.加密数据安全.基于非对称加密算法的(电子)数字签名的形成和验证过程”,GOST 34.310-2004,独立国家联合体标准化、计量和认证委员会(EASC),明斯克,2004年。(俄语)
[GOSTR341094] "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", GOST R 34.10-94, Gosudarstvennyi Standard of Russian Federation, Government Committee of the Russia for Standards, 1994. (In Russian)
[GOSTR341094]“信息技术.加密数据安全.基于非对称加密算法的电子数字签名的产生和检查程序”,GOST R 34.10-94,俄罗斯联邦Gosudarstvenyi标准,俄罗斯政府标准委员会,1994年。(俄语)
[GOSTR341001] "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.", GOST R 34.10-2001, Gosudarstvennyi Standard of Russian Federation, Government Committee of the Russia for Standards, 2001. (In Russian)
[GOSTR341001]“信息技术.加密数据安全.[电子]数字签名的签名和验证过程”,GOST R 34.10-2001,俄罗斯联邦GOSUDARTVENNYI标准,俄罗斯政府标准委员会,2001年。(俄语)
[GOSTR341194] "Information technology. Cryptographic Data Security. Hashing function.", GOST R 34.10-94, Gosudarstvennyi Standard of Russian Federation, Government Committee of the Russia for Standards, 1994. (In Russian)
[GOSTR341194]“信息技术.加密数据安全.散列函数”,GOST R 34.10-94,俄罗斯联邦Gosudarstvenyi标准,俄罗斯政府标准委员会,1994年。(俄语)
[PROFILE] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.
[简介]Housley,R.,Polk,W.,Ford,W.,和D.Solo,“互联网X.509公钥基础设施证书和证书撤销列表(CRL)简介”,RFC 32802002年4月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC3851] Ramsdell, B., "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification", RFC 3851, July 2004.
[RFC3851]Ramsdell,B.,“安全/多用途Internet邮件扩展(S/MIME)版本3.1消息规范”,RFC 38512004年7月。
[X.208-88] CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.
[X.208-88]CCITT。建议X.208:抽象语法符号1(ASN.1)的规范。1988
[X.209-88] CCITT. Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1). 1988.
[X.209-88]CCITT。建议X.209:抽象语法符号1(ASN.1)的基本编码规则规范。1988
[CRYPTOLIC] "Russian Federal Government Regulation on Licensing of Selected Activity Categories in Cryptography Area", 23 Sep 2002 N 691.
[CRYPTOLIC]“俄罗斯联邦政府关于加密领域选定活动类别许可的条例”,2002年9月23日,第691页。
[RFC4134] Hoffman, P., "Examples of S/MIME Messages", RFC 4134, July 2005.
[RFC4134]Hoffman,P.,“S/MIME消息的示例”,RFC 41342005年7月。
[RFEDSL] "Russian Federal Electronic Digital Signature Law", 10 Jan 2002 N 1-FZ.
[RFEDSL]“俄罗斯联邦电子数字签名法”,2002年1月10日N 1-FZ。
[RFLLIC] "Russian Federal Law on Licensing of Selected Activity Categories", 08 Aug 2001 N 128-FZ.
[Rflical]“俄罗斯联邦关于选定活动类别许可的法律”,2001年8月8日N 128-FZ。
[Schneier95] B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, Inc., 1995.
[Schneier95]B.Schneier,应用密码学,第二版,约翰·威利父子公司,1995年。
Authors' Addresses
作者地址
Serguei Leontiev, Ed. CRYPTO-PRO 38, Obraztsova, Moscow, 127018, Russian Federation
Serguei Leontiev,Ed.CRYPTO-PRO 38,莫斯科奥布拉佐娃,127018,俄罗斯联邦
EMail: lse@cryptopro.ru
EMail: lse@cryptopro.ru
Grigorij Chudov, Ed. CRYPTO-PRO 38, Obraztsova, Moscow, 127018, Russian Federation
Grigorij Chudov,CRYPTO-PRO 38版,莫斯科奥布拉佐娃,127018,俄罗斯联邦
EMail: chudov@cryptopro.ru
EMail: chudov@cryptopro.ru
Vladimir Popov CRYPTO-PRO 38, Obraztsova, Moscow, 127018, Russian Federation
弗拉基米尔·波波夫CRYPTO-PRO 38,莫斯科奥布拉佐娃,127018,俄罗斯联邦
EMail: vpopov@cryptopro.ru
EMail: vpopov@cryptopro.ru
Alexandr Afanasiev Factor-TS office 711, 14, Presnenskij val, Moscow, 123557, Russian Federation
Alexandr Afanasiev系数TS办公室711、14号,莫斯科普雷斯涅斯基瓦尔,123557,俄罗斯联邦
EMail: afa1@factor-ts.ru
EMail: afa1@factor-ts.ru
Nikolaj Nikishin Infotecs GmbH p/b 35, 80-5, Leningradskij prospekt, Moscow, 125315, Russian Federation
Nikolaj Nikishin Infotecs GmbH p/b 35,80-5,列宁格勒斯基普罗斯佩克特,莫斯科,125315,俄罗斯联邦
EMail: nikishin@infotecs.ru
EMail: nikishin@infotecs.ru
Boleslav Izotov FGUE STC "Atlas" 38, Obraztsova, Moscow, 127018, Russian Federation
Boleslav Izotov FGUE STC“阿特拉斯”38,莫斯科奥布拉佐娃,127018,俄罗斯联邦
EMail: izotov@nii.voskhod.ru
EMail: izotov@nii.voskhod.ru
Elena Minaeva MD PREI build 3, 6A, Vtoroj Troitskij per., Moscow, Russian Federation
俄罗斯联邦莫斯科Vtoroj Troitskij per.Elena Minaeva MD PREI build 3,6A
EMail: evminaeva@mail.ru
EMail: evminaeva@mail.ru
Igor Ovcharenko MD PREI Office 600, 14, B.Novodmitrovskaya, Moscow, Russian Federation
Igor Ovcharenko MD PREI办公室600,俄罗斯联邦莫斯科B.Novodmitrovskaya 14号
EMail: igori@mo.msk.ru
EMail: igori@mo.msk.ru
Serguei Murugov R-Alpha 4/1, Raspletina, Moscow, 123060, Russian Federation
俄罗斯联邦莫斯科拉斯普雷蒂纳塞尔盖·穆鲁戈夫R-Alpha 4/1,123060
EMail: msm@top-cross.ru
EMail: msm@top-cross.ru
Igor Ustinov Cryptocom office 239, 51, Leninskij prospekt, Moscow, 119991, Russian Federation
Igor Ustinov Cryptocom办公室239,51,列宁斯基普罗斯佩克特,莫斯科,119991,俄罗斯联邦
EMail: igus@cryptocom.ru
EMail: igus@cryptocom.ru
Anatolij Erkin SPRCIS (SPbRCZI) 1, Obrucheva, St.Petersburg, 195220, Russian Federation
Anatolij Erkin SPRCIS(SPbRCZI)1,圣彼得堡奥布鲁切瓦,195220,俄罗斯联邦
EMail: erkin@nevsky.net
EMail: erkin@nevsky.net
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。